
radius and dot1x

Kashish_Patel
Level 2

We are deploying dot1x in our network.

We have deployed 2 ISE policy service nodes. I am seeing a behavior in which the switch is not detecting the radius server becoming unreachable/reachable quickly enough. It detects that the radius server is down, but after much delay.

How can I make sure that the radius server down/up events are detected quickly?

We also have something in mind where when the switch detects that radius server has become unreachable, all the dot1x configured ports will be force-authorized.

Now during the time when the radius-server went down and when the ports became force-authorized, will the clients suffer any loss of connectivity?

1 Reply

Tarik Admani
VIP Alumni

The radius server is only detected dead when it doesn't respond to a radius request based on its dead criteria.

Please look up the dead criteria using the software configuration guide for your switch.

Active clients will not suffer connectivity issues when the radius server goes down. Only clients requesting authentication will experience some latency, but that is based on the radius dead criteria.

Hope that helps

Sent from Cisco Technical Support Android App
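
The dead criteria mentioned in the reply, together with a fail-open action for dot1x ports, as an added Cisco IOS configuration sketch that is not part of the original thread. The timer values, interface name and VLAN 10 are constructed assumptions, the fail-open behaviour is shown with the per-port "server dead" action rather than a literal force-authorized setting, and command availability varies by platform and software release, so confirm against the configuration guide for your switch.

```cisco
! Added example: all values below are constructed, not recommendations.
!
! Per-request timers: how long the switch waits for a reply and how
! often it retransmits before a request counts as timed out.
radius-server timeout 2
radius-server retransmit 2
!
! Dead criteria: mark a server dead once at least 5 seconds have passed
! since its last valid response AND 3 consecutive requests timed out.
! Lower values detect an outage sooner but risk false "dead" marks on
! a slow or lossy path to the policy service node.
radius-server dead-criteria time 5 tries 3
!
! Keep a dead server out of rotation for 3 minutes before retrying it,
! so new authentications go straight to the second node.
radius-server deadtime 3
!
! Hypothetical access port. When every configured server is dead,
! newly authenticating hosts are authorized into VLAN 10 (assumed here
! to be a restricted critical VLAN) instead of being left blocked.
interface GigabitEthernet1/0/1
 authentication event server dead action authorize vlan 10
 ! Re-run authentication for those hosts once a server is reachable
 ! again, so the fail-open state does not persist after recovery.
 authentication event server alive action reinitialize
```

Sessions that were already authorized before the outage keep their existing authorization, which matches the reply above: only hosts that authenticate while the servers are being declared dead wait for the dead criteria to be met.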